Field | Value
---|---
File name | Doc
Full analysis | https://app.any.run/tasks/b1583bd5-5173-4653-acd7-f8ad6668c7e9
Verdict | Malicious activity
Analysis date | December 06, 2018, 07:41:31
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MIME | application/x-dosexec
File info | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 | C2CB276B3DAD889F878DEBE7650119E4
SHA1 | 44476C1AF55AC73F269B00C9A1F9BEFF1F450255
SHA256 | 3C99E7A4B4C262836E2E778B40A2FD4CC7F097EEC752C69D5FCEA357ED83751E
SSDEEP | 6144:IgACqOdm5y+DWfVSCwvu/SZb6zx+SOmVY1mMbSvS/BVlH3/W3cT8Tui3YRbfOAew:TDm5DiuvBZGLVgt8Qh3e5lHzs
File type identification (extension, description, match score):

Extension | Description | Score
---|---|---
.exe | Generic CIL Executable (.NET, Mono, etc.) | 81
.dll | Win32 Dynamic Link Library (generic) | 7.2
.exe | Win32 Executable (generic) | 4.9
.exe | Win16/32 Executable Delphi generic | 2.2
.exe | Generic Win/DOS Executable | 2.2
PE version information and headers:

Field | Value
---|---
ProductName | 51d2d5c6-a33d-4000-8614-294cfebb6ca8
ProductVersion | 1.0.0.0
FileVersion | 1.0.0.0
OriginalFileName | 77f3bf1e-2783-4030-ace5-a6ed6d6398d1.exe
LegalCopyright | 193fa18b-c8c3-4227-b271-e32a3a9a8a6e
FileDescription | 43f46455-2c6d-4171-861d-b642224b4e0
CharacterSet | Unicode
LanguageCode | English (U.S.)
FileSubtype | -
ObjectFileType | Executable application
FileOS | Unknown (0)
FileFlags | (none)
FileFlagsMask | 0x0000
ProductVersionNumber | 0.0.0.0
FileVersionNumber | 0.0.0.0
Subsystem | Windows GUI
SubsystemVersion | 4
ImageVersion | -
OSVersion | 4
EntryPoint | 0x720ee
UninitializedDataSize | -
InitializedDataSize | 70656
CodeSize | 459264
LinkerVersion | 6
PEType | PE32
TimeStamp | 2018:12:04 12:23:17+01:00
MachineType | Intel 386 or later, and compatibles
Process tree (the parent of each process was shifted into the Indicators column in the extracted table; no indicators were recorded for any process):

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2980 | "C:\Users\admin\AppData\Local\Temp\Doc.exe" | C:\Users\admin\AppData\Local\Temp\Doc.exe | — | explorer.exe | User: admin; Integrity level: MEDIUM; Description: 43f46455-2c6d-4171-861d-b642224b4e0; Exit code: 0; Version: 1.0.0.0
2572 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | — | Doc.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Microsoft .NET Assembly Registration Utility; Exit code: 0; Version: 4.6.1055.0 built by: NETFXREL2
3968 | "C:\Users\admin\AppData\Roaming\services.exe" | C:\Users\admin\AppData\Roaming\services.exe | — | RegAsm.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Microsoft .NET Assembly Registration Utility; Exit code: 0; Version: 4.6.1055.0 built by: NETFXREL2
Registry writes:

PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
2980 | Doc.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | startupname | C:\Users\admin\filename.exe
2572 | RegAsm.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | MaxConnectionsPer1_0Server | 10
2572 | RegAsm.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | MaxConnectionsPerServer | 10
2572 | RegAsm.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\0SAI4AY4J1 | inst | E3412070D9C894403A08132FB681E156008F90A806FCCC1EE243CAE90995EED84D924E1A30C2E3ECBD612723B7E02C8E1791638AE67755782D2E641CF7D48DBEF8E9959BD70E53429107B40C6E6EF5D54A27D6A41B346F38
2572 | RegAsm.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Google App Update | C:\Users\admin\AppData\Roaming\services.exe
Files dropped:

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2980 | Doc.exe | C:\Users\admin\filename.exe | executable | C2CB276B3DAD889F878DEBE7650119E4 | 3C99E7A4B4C262836E2E778B40A2FD4CC7F097EEC752C69D5FCEA357ED83751E
2572 | RegAsm.exe | C:\Users\admin\AppData\Roaming\services.exe | executable | 911BDF77EB94E48CA524252A3FD47019 | A07564A8771DAFA3EBE9ACEAA20C327EFA2D0AC2EDC06B2BBC3EEBDC66600641
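A triage pass over the process, registry and file tables above, written here as an added example; it is not part of the ANY.RUN report. The event records are constructed from the rows of the report, and the rule details (the list of .NET utilities that never do useful work without an assembly-path argument, the 30-character hex-and-dash test for GUID-like version strings, the short list of Windows system binary names) are my assumptions. The behaviours it alerts on are all visible in the report: RegAsm.exe launched with no arguments by a .NET GUI executable in %TEMP% (an argument-less RegAsm with a non-developer parent is a well-known process-hollowing pattern; the sandbox records the child, not the injection itself), two HKCU Run values pointing into the user profile (startupname from Doc.exe, Google App Update from inside the hollowed RegAsm.exe), a dropped filename.exe whose SHA256 is the sample's own (a self-copy), and a file named services.exe living in AppData\Roaming rather than C:\Windows\System32. The "inst" blob under Explorer\0SAI4AY4J1 is deliberately left out: the report gives its bytes but not their meaning.

```python
"""Triage rules run over events constructed from the sandbox report above."""
import re

# --- Constructed from the report's tables (not a live telemetry feed) ---
SAMPLE_SHA256 = "3C99E7A4B4C262836E2E778B40A2FD4CC7F097EEC752C69D5FCEA357ED83751E"

PROCESSES = [
    {"pid": 2980, "image": r"C:\Users\admin\AppData\Local\Temp\Doc.exe",
     "cmdline": r'"C:\Users\admin\AppData\Local\Temp\Doc.exe"', "parent": "explorer.exe",
     "description": "43f46455-2c6d-4171-861d-b642224b4e0"},
    {"pid": 2572, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"', "parent": "Doc.exe",
     "description": "Microsoft .NET Assembly Registration Utility"},
    {"pid": 3968, "image": r"C:\Users\admin\AppData\Roaming\services.exe",
     "cmdline": r'"C:\Users\admin\AppData\Roaming\services.exe"', "parent": "RegAsm.exe",
     "description": "Microsoft .NET Assembly Registration Utility"},
]

REGISTRY_WRITES = [
    {"pid": 2980, "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "startupname", "value": r"C:\Users\admin\filename.exe"},
    {"pid": 2572, "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings",
     "name": "MaxConnectionsPerServer", "value": "10"},
    {"pid": 2572, "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Google App Update", "value": r"C:\Users\admin\AppData\Roaming\services.exe"},
]

DROPPED_FILES = [
    {"pid": 2980, "path": r"C:\Users\admin\filename.exe",
     "sha256": "3C99E7A4B4C262836E2E778B40A2FD4CC7F097EEC752C69D5FCEA357ED83751E"},
    {"pid": 2572, "path": r"C:\Users\admin\AppData\Roaming\services.exe",
     "sha256": "A07564A8771DAFA3EBE9ACEAA20C327EFA2D0AC2EDC06B2BBC3EEBDC66600641"},
]

# --- Rule parameters (assumptions, tune for your estate) ---
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)   # anything under a user profile
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.I)
HEX_DASH_ONLY = re.compile(r"^[0-9a-f-]{30,}$", re.I)           # GUID-like version-info string
NEED_ASSEMBLY_ARG = {"regasm.exe", "regsvcs.exe", "installutil.exe"}  # .NET tools that need a target
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def has_no_arguments(cmdline, image):
    """True when the command line is only the image path, quoted or not."""
    return cmdline.strip().strip('"').lower() == image.lower()


def triage(processes=PROCESSES, registry_writes=REGISTRY_WRITES,
           dropped=DROPPED_FILES, sample_sha256=SAMPLE_SHA256):
    """Return (rule, pid, detail) tuples for every rule hit."""
    findings = []
    for p in processes:
        name = basename(p["image"])
        # A .NET registration tool with nothing to register: classic hollowing host.
        if name in NEED_ASSEMBLY_ARG and has_no_arguments(p["cmdline"], p["image"]):
            findings.append(("hollowed-lolbin", p["pid"],
                             f"{name} launched with no assembly argument by {p['parent']}"))
        # Version-info fields that are random GUID-like strings (see the PE table).
        if HEX_DASH_ONLY.match(p["description"]):
            findings.append(("guid-version-info", p["pid"], p["description"]))
        # A Windows system binary name running from outside C:\Windows.
        if name in SYSTEM_NAMES and not WINDOWS_DIR.match(p["image"]):
            findings.append(("masquerade-system-name", p["pid"], p["image"]))
    for w in registry_writes:
        # Run/RunOnce value pointing into a user-writable location.
        if RUN_KEY.search(w["key"]) and USER_WRITABLE.match(w["value"].strip('"')):
            findings.append(("run-key-user-path", w["pid"], f"{w['name']} -> {w['value']}"))
    for f in dropped:
        # The sample wrote an exact copy of itself somewhere else.
        if f["sha256"].upper() == sample_sha256.upper():
            findings.append(("self-copy", f["pid"], f["path"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in triage():
        print(f"[{rule}] pid {pid}: {detail}")
```

Running it prints six findings, two of them persistence entries. Adapt the dictionaries to whatever your EDR or Sysmon pipeline emits (process creation, registry value set, file create); the rules themselves do not depend on the sandbox format.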